• Welcome to Jose's Read Only Forum 2023.
 

New Text-Manglers by Hutch

Started by Theo Gottwald, November 18, 2014, 10:18:18 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Theo Gottwald

Here are two new Text-Manglers from ASM Guru Hutch.
The "fe" produces an "one-time Pad" encrypted result like this:
' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FUNCTION [rename_me]() as STRING

  ' Text is 4 bytes excluding the terminating zero

    #REGISTER NONE

    LOCAL src  as DWORD
    LOCAL dst  as DWORD
    LOCAL outpt$

    src = CodePtr(datalabel)

    outpt$ = nul$(4)
    dst = StrPtr(outpt$)

  ' -------------------
  ' copy data to string
  ' -------------------
    ! mov esi, src
    ! mov edi, dst
    ! mov ecx, 4
    ! rep movsb

    src = CodePtr(paddlabel)

  ' -----------------------------
  ' xor string data to unique pad
  ' -----------------------------
    ! mov esi, dst
    ! mov ebx, 4
    ! mov edi, src
    ! add esi, ebx
    ! add edi, ebx
    ! neg ebx

  lbl0:
    ! movzx eax, BYTE PTR [edi+ebx]
    ! xor [esi+ebx], al
    ! add ebx, 1
    ! jz lbl1
    ! movzx eax, BYTE PTR [edi+ebx]
    ! xor [esi+ebx], al
    ! add ebx, 1
    ! jz lbl1
    ! movzx eax, BYTE PTR [edi+ebx]
    ! xor [esi+ebx], al
    ! add ebx, 1
    ! jz lbl1
    ! movzx eax, BYTE PTR [edi+ebx]
    ! xor [esi+ebx], al
    ! add ebx, 1
    ! jnz lbl0

  lbl1:
    FUNCTION = outpt$
    Exit FUNCTION

  #align 4
  datalabel:
    ! db 16,100,171,136,0

  #align 4
  paddlabel:
    ! db 68,12,206,231,0

End FUNCTION

' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


The second one produces another hardcoded result.

' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FUNCTION [[Rename_Me_Now]]() as STRING

    #REGISTER NONE

    LOCAL pstr as DWORD

    a$ = nul$(4)
    pstr = StrPtr(a$)

    ! mov esi, pstr

    ! mov BYTE PTR [esi+3], 111
    ! mov BYTE PTR [esi+2], 101
    ! mov BYTE PTR [esi+0], 84
    ! mov BYTE PTR [esi+1], 104

    FUNCTION = a$

END FUNCTION

' ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


To complete it, i have added Hutch's "File to ASM" Tool.